Skill v1.0.2

ClawScan security

WeChat Official Account (公众号发文) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 12, 2026, 1:48 PM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code and instructions match its stated purpose (posting to WeChat Official Accounts); the main concern is data leakage risk in browser-automation mode where page HTML is sent to external LLM endpoints by default — the SKILL.md documents this and offers mitigations.
Guidance
This skill appears to do what it claims (API mode and browser automation). Before installing or running:
1) Prefer API mode (publish.py) with WECHAT_APPID/WECHAT_SECRET for lowest privacy risk.
2) If you must use browser mode, do NOT set external analyzer keys (DASHSCOPE_API_KEY / OPENAI_API_KEY) unless you trust that service — by default the skill points to a third-party DashScope endpoint which will receive sanitized page HTML that may still include sensitive state.
3) For best privacy, run a local analyzer (Ollama) and set WECHAT_MP_ANALYZER_BASE_URL to a localhost URL as documented.
4) Review and, if needed, fix the page_analyzer._call_openai bug (undefined 'model' variable) before relying on automated analysis.
5) Inspect and back up the browser profile directory (~/.openclaw/wechat-mp-browser) and avoid using browser mode on machines with other logged-in sensitive accounts.
If you want, I can point out the exact lines to patch (the undefined variable) or show how to run the API-only flow safely.

Review Dimensions

Purpose & Capability
ok: Name/description (WeChat Official Account publishing) align with included scripts: publish.py implements official API flow requiring WECHAT_APPID/WECHAT_SECRET; publish_browser.py implements browser automation for personal accounts. Optional analyzer keys and proxies are reasonable for the browser-analysis path.
Instruction Scope
note: Browser mode deliberately captures page HTML and sends a sanitized summary to an LLM for decision-making; this is within the stated scope but can leak sensitive login state or tokens despite sanitization. The SKILL.md explicitly warns and suggests using a local analyzer (Ollama) or not supplying external API keys to avoid outbound data. Also note a code bug: page_analyzer._call_openai references an undefined 'model' variable which may cause LLM calls to fail at runtime.
Install Mechanism
ok: No install spec; instruction-only skill with Python scripts and a requirements.txt (playwright, openai). This is low-risk as long as the operator follows pip/playwright install instructions. Nothing is downloaded from arbitrary URLs in the manifest.
Credentials
note: No required env vars in the registry metadata; scripts correctly require WECHAT_APPID/WECHAT_SECRET for API mode and optionally accept DASHSCOPE_API_KEY/OPENAI_API_KEY for the analyzer. These optional analyzer keys are proportional to the browser-analysis feature but carry privacy implications — the default analyzer base (DashScope) is an external third-party endpoint that would receive page HTML unless a local analyzer is used.
Persistence & Privilege
ok: Skill is not always-enabled. Browser mode stores a browser profile under ~/.openclaw/wechat-mp-browser and step screenshots under ~/.openclaw/wechat-steps; this is expected for a browser automation tool and scoped to the skill. It does not request system-wide privileges or modify other skills.